--- ulogd.c
+++ ulogd.c 2007/05/31 11:51:19
@@ -87,6 +87,11 @@
 #define ULOGD_CONFIGFILE "/etc/ulogd.conf"
 #endif
 
+/* default user to run as or "" */
+#ifndef ULOGD_USER_DEFAULT
+#define ULOGD_USER_DEFAULT ""
+#endif
+
 /* global variables */
 static struct ipulog_handle *libulog_h; /* our libipulog handle */
 static unsigned char* libulog_buf; /* the receive buffer */
@@ -545,7 +550,12 @@ static config_entry_t nlgroup_ce = { &pl
 static config_entry_t loglevel_ce = { &nlgroup_ce, "loglevel", CONFIG_TYPE_INT,
 CONFIG_OPT_NONE, 0,
 { value: ULOGD_NOTICE } };
-static config_entry_t rmem_ce = { &loglevel_ce, "rmem", CONFIG_TYPE_INT,
+
+static config_entry_t user_ce = { &loglevel_ce, "user", CONFIG_TYPE_STRING,
+ CONFIG_OPT_NONE, 0,
+ { string: ULOGD_USER_DEFAULT } };
+
+static config_entry_t rmem_ce = { &user_ce, "rmem", CONFIG_TYPE_INT,
 CONFIG_OPT_NONE, 0,
 { value: ULOGD_RMEM_DEFAULT } };
 
@@ -694,14 +704,17 @@ int main(int argc, char* argv[])
 case 'u':
 change_uid = 1;
 user = strdup(optarg);
+ setpwent();
 pw = getpwnam(user);
 if (!pw) {
 printf("Unknown user %s.\n", user);
+ endpwent();
 free(user);
 exit(1);
 }
 uid = pw->pw_uid;
 gid = pw->pw_gid;
+ endpwent();
 break;
 }
 }
@@ -739,7 +752,23 @@ int main(int argc, char* argv[])
 exit(1);
 }
 
-
+ /* if no -u cmd line option set, read the user option from config. */
+ if (!change_uid && strlen(user_ce.u.string))
+ {
+ change_uid = 1;
+ user = strdup(user_ce.u.string);
+ setpwent();
+ pw = getpwnam(user);
+ if (!pw) {
+ printf("Unknown user %s.\n", user);
+ endpwent();
+ free(user);
+ exit(1);
+ }
+ uid = pw->pw_uid;
+ gid = pw->pw_gid;
+ endpwent();
+ }
 if (change_uid) {
 ulogd_log(ULOGD_NOTICE, "Changing UID / GID\n");
 if (setgid(gid)) {
--- ulogd.conf.in
+++ ulogd.conf.in 2007/05/31 11:11:06
@@ -7,6 +7,9 @@
 # GLOBAL OPTIONS
 ######################################################################
 
+# username to run as (runs as root if not set)
+user=ulogd
+
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)
 nlgroup=1
 
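Review bot: The added `setpwent();` before `getpwnam(user)` in the `case 'u':` branch is not needed, because `getpwnam()` opens the password database itself and `setpwent()` only rewinds it for `getpwent()` iteration. The `endpwent();` calls are what release the database, and they are correctly placed after `pw->pw_uid` and `pw->pw_gid` have been copied out. I would drop the `setpwent()` line here and in the config-driven copy of this block further down. The surrounding switch and main() start and end outside the hunk.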
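Review bot: The config-driven lookup added before `if (change_uid) {` keeps only `pw->pw_uid` and `pw->pw_gid`, so whether root's supplementary groups are shed depends on the drop sequence that begins at `if (setgid(gid)) {` and continues outside the hunk. If that sequence does not already do it, add `if (initgroups(user, gid)) { ... exit(1); }` ahead of `setgid()`, since a daemon that changes only its uid and gid keeps the group memberships it was started with. The new block is also a line-for-line copy of the `-u` handling in the option-parsing hunk; a small static helper that resolves a name to uid/gid would keep the two paths from drifting. The `strdup()` result is used unchecked in `getpwnam(user)` and in the `%s` of the error message.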
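Review bot: With `user=ulogd` active in the shipped template, a host without a `ulogd` account will stop at the "Unknown user" exit added in ulogd.c. The comment should say so, for example `# username to run as (the account must exist; runs as root if not set)`. Log files or other output paths created by an earlier root-run instance may also need their ownership changed before this default is usable; that depends on when the daemon opens them, which is not visible in this diff.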